RSA and Microsoft to enhance Windows security


A new partnership between RSA and Microsoft will allow companies to increase security on Windows-based computers. Normally Windows users just need to type in a password to gain access. RSA's “SecurID for Microsoft Windows” solution will add an additional layer to the authentication process. In order to gain access to a computer, Windows users will not only need to know their Windows password, but will also need to have a SecurID token card, which generates a random, one-time password every 60 seconds. The user will need to enter this SecurID-generated password to gain access to a Windows computer.

The RSA SecurID for Microsoft Windows solution will work on computers running Windows 2000 or Windows XP, and servers running Windows Server 2003. The solution will also require an RSA ACE/Server 6.0 advanced license, RSA ACE/Agent 6.0 for Windows solution, and RSA SecurID tokens. The system begins beta testing in the second quarter, with a release date targeted for the third quarter of this year.

Brian's opinion
A few years ago I managed a similar token technology for remote dial-up access to a corporate network. The biggest problem with the system is that people would generate a password and not use it, or would enter it into the computer incorrectly. After generating three passwords that weren't used or were entered incorrectly the token would no longer be any good. The general reason people put the password in wrong was that they forgot to turn their number lock on before trying the password three times. The token then had to be manually synchronized with the authentication server. This was a big pain.

The RSA SecurID cards use time synchronization technology, so they probably don't have the same sync issue; but I can only imagine the number of times people would call the corporate help desk saying they lost or forgot their token cards.

In my opinion biometrics is a better solution because people don't usually forget their fingerprints in the morning, and they can't lose them. If people could lose their fingerprints then criminals would definitely have an advantage over the local police force.
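The sync problem described in the opinion above, as an added example (not from the article and not RSA's code): SecurID's own algorithm is not shown on this page, so the open HOTP (RFC 4226) and TOTP (RFC 6238) schemes stand in for the event-based and the time-synchronized token. The look-ahead window of 3, the one-step clock skew, the key and the timestamp are assumptions chosen to mirror the three-unused-passwords failure.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 60) -> str:
    """RFC 6238 style: the counter is the number of elapsed 60 s steps."""
    return hotp(key, unix_time // step)

class EventServer:
    """Verifier for an event-based token, with a look-ahead window (assumed: 3)."""
    def __init__(self, key: bytes, window: int = 3):
        self.key, self.counter, self.window = key, 0, window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.key, c), code):
                self.counter = c + 1  # resync just past the accepted code
                return True
        return False

def time_verify(key: bytes, code: str, server_time: int,
                step: int = 60, skew: int = 1) -> bool:
    """Accept the current step plus/minus `skew` steps of clock drift."""
    now = server_time // step
    return any(hmac.compare_digest(hotp(key, now + d), code)
               for d in range(-skew, skew + 1))

def demo() -> dict:
    key = b"constructed-demo-seed"   # constructed sample secret
    t = 1_077_732_000                # constructed sample timestamp
    return {
        # two unused button presses: counter 2 is still inside the window
        "two_unused_ok": EventServer(key).verify(hotp(key, 2)),
        # three unused presses: counter 3 is outside 0..2, manual resync needed
        "three_unused_ok": EventServer(key).verify(hotp(key, 3)),
        # time-based code typed 45 s later; unused earlier codes are irrelevant
        "time_code_ok": time_verify(key, totp(key, t), t + 45),
        # the same code ten minutes later has expired
        "stale_code_ok": time_verify(key, totp(key, t), t + 600),
    }
```

A wider look-ahead window reduces help-desk resyncs for the event-based token but also widens the set of codes the server will accept at any moment.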

Perhaps an administrative password in the computer setup protecting the PC from even starting?

Besides, security is needed to protect the data contained on the system, not the actual system itself. – by yes

New OS (1:23pm EST Wed Feb 25 2004)
We've been using this RSA SecurID with a Citrix server on NT4 for 5+ years. It works really well. It looks like this is the same technology, rebuilt for Windows 2000/2003 servers.

I like this idea, this way the passwords don't have to be as robust, and they don't have to change as often. If an ex-employee remembers the password, it's useless without the token.

Just my thoughts – by mr. wizard

Re: daspecialist (1:24pm EST Wed Feb 25 2004)
Your assumption is flawed. If you have access to the machine and you shouldn't, security has already been breached. You have to realize that there are two sides to security: physical and permissional. Neither is very much good without the other. – by m@

Security guru unmoved by Gates' RSA remarks (1:25pm EST Wed Feb 25 2004)
“Was it just me or was he just not excited? I expected more excitement,” Schneier said. “When he talks about features and cool things [in his products], he gets animated. But until he gets animated about security you know he's not going to solve the problem.” “Security is not as exciting as the next cool thing in Windows,” Schneier said. “[Gates] had an opportunity to wow us [earlier]. I wanted to be wowed. I didn't want to hear about cool dialog boxes.” “It's a big boat to turn around,” Schneier said about Microsoft's security initiatives, such as Trustworthy Computing. “Give him some quarter for that, but he's had some time to turn about the boat. Security should be his bottom line. Then he'll care.” – by roy

OK, sorta (1:38pm EST Wed Feb 25 2004)
Good idea for increasing logon authentication, but how does this help the “big” Windows security issues? Virus-infected emails, worms like Sobig and Blaster, etc.

One of my favorite TV commercials is the Cisco one with the manager and IT person talking about their network being attacked and “how do these things happen?” Just then the boss's daughter comes in to tell him about this neat thing she just downloaded from the web…

Junk (1:50pm EST Wed Feb 25 2004)
All this does is allow users to have less robust passwords that don't have to change every 3 months; of course now they have to keep track of a physical piece of junk the size of a keyfob in order to gain access.

Basically some salesmen over at RSA went to Microsoft's corporate office and did a sales pitch.

Just hope that your company's office isn't retarded enough to think adopting this tech is the way to go.

This sh*t at work (2:56pm EST Wed Feb 25 2004)
The IT nazis set up this sh*t on our official dial-ins for work – it's a monumental pain in the arse. So we stuck a modem on a Win2000 machine, set it as a RAS server, and run our own unofficial dial-in. Much simpler, and if security gets breached, well the IT nazis should not be making the “official system” such a pain in the first place, should they!! – by pyscrow

In my case, they go blank for about a month (the skin just peels off, leaving a blank surface).

It has also been shown (last year at least) that all fingerprint scanners can be faked out by forged prints. Either wax, rubber, epoxy, or other methods to duplicate a print.

Biometrics are fine for use as a substitute for a login identification.

But they suck at authentication. – by old sampler

Worms (5:05pm EST Wed Feb 25 2004)
Tell again how will this stop worms and backdoors?

– by rax

What about retina scanning? (9:02pm EST Wed Feb 25 2004)
Retina scanning is another biometric that can be used. I suppose you could lose your eye and then become unable to log onto your machine, but chances are, if you lose your eye, you have more important things to worry about than just trying to log into your machine. – by randomuser

Re: yes (11:33pm EST Wed Feb 25 2004)
Anybody can reset the BIOS password, you're right. I think here though that if you've gone that far that you are assuming that the hardware being used is corporate owned, usually a laptop. If that's the case, the hard drive should be encrypted. The technology exists, and it's negligent not to use it. It's not expensive, and it prevents the simple bypass you suggest.

And pyscrow, you're the reason the IT nazis do this stuff. And it starts by never letting users have local admin rights. Good luck installing that modem then. And it's you that'll get canned if there's a “breach”. The company may even pursue legal action. – by bob the sock

Oh this is annoying…. (1:38am EST Thu Feb 26 2004)
Just another way for MS to get money, and I tend to lose things frequently, I hope this doesn't happen for real – by travis

Re: clones (12:28pm EST Thu Feb 26 2004)
Nope…

They would be different, just as identical twins have different fingerprints.

There was a Sean Connery movie about a bank heist where the bank VP was mugged in the street and had pepper sprayed into his eyes… He got hustled off to an optometrist who put numbing drops in his eyes and then made a scan “to make sure there was no lasting damage”… – by old sampler